Wireshark-commits: [Wireshark-commits] lts-1.12.1 14709e9: PKTC must be stricter with its Kerberos
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Tue, 17 May 2016 19:44:12 +0000 (UTC)
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=14709e9a8f584a6f15affbfaa1164407b79a38f7
Submitter: Balint Reczey (balint@xxxxxxxxxxxxxxx)
Changed: branch: lts-1.12.1
Repository: wireshark

Commits:

14709e9 by Michael Mann (mmann78@xxxxxxxxxxxx):

    PKTC must be stricter with its Kerberos application choices.
    
    The PKTC dissector calls the Kerberos dissector assuming certain application values.  Because different application values can have different "private" data, corruption can occur.
    Ensure the Kerberos application values match the preceding comments by checking the ber identifier before calling the Kerberos dissector.
    
    (cherry picked from commit 4cdc9eeba58f866bd5f273e9c5b3876857a7a4bf)
    
    (cherry picked from commit 44469711f8310a53f39f535b0ad54cbb3d1fec9e)
    
    Bug: 12206
    Change-Id: I5ffd94d86f0a4689169c47b58662988c5b8e433d
    Reviewed-on: https://code.wireshark.org/review/14541
    Reviewed-by: Michael Mann <mmann78@xxxxxxxxxxxx>
    Reviewed-on: https://code.wireshark.org/review/15447
    Reviewed-by: Balint Reczey <balint@xxxxxxxxxxxxxxx>
    

Actions performed:

    from  cde7826   replace dangerous tvb_get_ptr with safer string function.
    adds  14709e9   PKTC must be stricter with its Kerberos application choices.


Summary of changes:
 asn1/kerberos/kerberos.cnf        |    2 ++
 epan/dissectors/packet-kerberos.c |   36 +++++++++++++++----------------
 epan/dissectors/packet-kerberos.h |   20 +++++++++++++++++
 epan/dissectors/packet-pktc.c     |   43 ++++++++++++++++++++++++++++++-------
 4 files changed, 75 insertions(+), 26 deletions(-)